A Few of My Favorite Things

Scottie’s been hinting all fall that I should be spending more money
on him. As a personal trainer, Scottie’s great—really; but his hints are
getting quite out of hand. In October, for instance, I arrived home from
Anaheim where I’d been visiting Mickey Mouse and his Microsoft friends
at MEC, to find Scottie sitting silently on the kitchen floor dressed
from head to toe in aluminum foil. He claims he was just trying on his
Halloween costume (he said he was Baked Potato Man), but I think he was
really telling me he wanted some new clothes.

November was worse, though. Scottie came to COMDEX with me (well, I’d
been spending way too much time on the road and not enough time, er, exercising).
While it was fun to have an escort around the Las Vegas strip, his lust
for the finer things (jewelry, clothes, sculpture and rich-boy’s toys)
displayed in every window got a little tiring. Then I took him on the
COMDEX show floor.

This was a rather big mistake. Until then, Scottie, protesting he was
a confirmed luddite, had stayed away from technology; but in Vegas, the
technology tables claimed more of his time than the gaming tables. Now
he thinks he has a new business career—security hardware—and he can’t
wait to try out his new profession by outfitting my business with all
the latest cameras, biometric building locks and so forth. The man is
going to be a problem, but at least I can write off his trip expenses
if he’s going to turn into a technology consultant.

I’m always getting new technology toys. If they make me happy, shouldn’t
I share the love with others? Here are some gift ideas for you to add
to the Scottie’s on your list: tools to keep Internet connections safe,
keep notebooks and gear protected on the road, and a lot more. A wealth
of stuff is out there, and much of it’s free or available at a low price.
Give the gift of computer security this year. We’ll all benefit from your
efforts.

You’re Never too Young to Learn About SecurityThe Computer Learning Foundation, www.computerlearning.org,
has home and school videos, as well as a lesson plan that teaches children
about using computers wisely and protecting information. The materials
use puppets (Chip and Friends). It also has a wealth of material of interest
to parents of elementary-school children that details responsible use
of technology. I especially like the Code of Responsible Computing, posted
at www.computerlearning.org/ResCode.htm.
Maybe you should give a copy out at work. At home, if you want to filter
access to those less-than-child-friendly sites, Net Nanny, www.netnanny.com,
has a filtering program. It has a free trial and a $39.95 price tag.

Free and Less-Free Goodies

Training—Have a small-business owner on your list? Send him or
her to a NIST (National Institute of Standards and Technology) Small Business
Computer Security Workshop. The schedule for 2003 wasn’t posted as of
the time of writing, but the information looks good. The registration
fee is $50. The NIST Computer Security Resource Center is at csrc.nist.gov/.

Wireless security—Alert management to the problems of wireless
encryption and get them a copy of AirSnort. AirSnort, http://airsnort.shmoo.com,
will recover the Wireless Encryption Protocol (WEP) encryption keys. You’ll
need a Linux box and a specific type of wireless card, so be sure to read
all the documentation before downloading.

Anti-virus tools—There are several sites that have free virus
checkers, including Zero-Knowledge, www.freedom.net,
and Trend Micro, www.antivirus.com.
You can also get a free checker from Panda software; but be aware that,
in order to update it, you must pay the $29.95 purchase price. Most anti-virus
companies will also allow you to download a free trial; some, like Trend
Micro, will even allow you to update until the trial runs out. Pest Patrol,
www.pestpatrol.com, does more
than just check for viruses. It’s also on the lookout for Trojans, spyware,
mobile malicious code and other pests, with a $29.95 single-user edition
available.

Personal firewalls—Every computer user should have a personal
firewall. ZoneAlarm has a free one, downloadable for individual users
and nonprofit organizations, at www.zonelabs.com/store/content/home.jsp.
You can also get a trial version of Tiny Personal Firewall from www.tinysoftware.com;
purchase price is $39.95. If encrypting e-mail is a necessity, PGP can
be downloaded from PGP International, www.pgpi.org.

Hard drive erasure—To thoroughly obliterate data before
assigning that hard drive to others or just be assured that sensitive
information has really been removed from your machine, get BCWipe from
www.jetico.com/index.htm#/bcwipe.htm.
Download a free 30-day trial; a single-user license is $29.95. Another
freeware alternative is UltraWipe, www.webattack.com/get/ultrawipe.shtml.

Port protection—Watch your back, er, ports, with Nmap,
www.insecure.org/nmap. Nmap,
an open-source scanner, maps your network by detecting machines and the
services they offer. A beta version for Windows is at www.nmapwin.org.

Laptop bags—I spend a tremendous amount of time on the
road (hence my company’s name—Have Computer, Will Travel). Anything that
can help me in my travails is like gold.

The first places to look for a laptop bag are Targus, www.targus.com,
or Noteworthy, www.port.com. Look for
one that’s comfortable to haul and offers protection for the laptop. I
recently purchased a Noteworthy backpack for its extreme padding (the
most comfortable tote that I’ve found) and the fact that the model I found
zips around the top instead of up and down the sides. The top unzips and
flips back, which helps, as I’ve had way too many close calls with backpack
side-zip models coming unzipped on their own as I rush through the airport.

Hard drive enclosures—There are a number of good sources
for these. I picked up a model ME-910 USB model at my Toshiba dealer,
but you can find the USB model ($59.99) online at USBGear, www.usbgear.com/usa/USB_20.html.
Both USB and FireWire versions are available from Triumph, www.triumphtech.com/p/ME-910.htm.
Also check out LTG Technology XtraDisk, www.xtradisk.com/cgi-bin/webc.cgi/usb.html?sid=8y4GGIOWgHMy1FM.
Slap a hard drive inside, and you’ve got a portable backup system or extra
hard drive, always a welcome thing for those of us with more airline miles
than bucks in the bank. The advantage over traditional case and hard drive
models is that, because you buy the enclosure separately, you can use
it with almost any capacity drive and can change out hard drives or mount
one you already have on your laptop. (Don’t forget to purchase a compatible
drive.)

Locks, keys and alarms—Good locks and keys are available
from Targus or APC, www.apc.com/products/family/index.cfm?id=112.
My favorite security alarm is my Kryptonite (APC) Key lock ($39.99) with
quick-release node. This lock comes with a little nubbin you screw into
the security slot on your notebook and leave there. This makes it easier
to attach the cable (ever struggle with key and lock?) and means there’s
one less thing to pack.

For the ultimate in notebook security geekiness, head to www.robsecure.com/alarms.htm,
and check out Mr. Robsecure. This saucer-shaped alarm (a motion-detector
alarm with a twist) can be glued to the top of your laptop. You carry
a remote control device separately and can arm the alarm from a distance.

For the Security Geeks

So, what about your friends who already understand the importance of
security? Here are some useful tools they might enjoy:

Security guide—SANS is one of the most well-known security
organizations on the planet. Its security consensus guides, at store.sans.org/store_category.php?category=consguides,
provide best practices and step-by-step instructions on various topics.
Most are $29 and available on popular operating systems like Solaris,
Linux and Windows 2000.

Security tool list—Get a top 50 security tool list free
from www.insecure.org/tools.html.
This was created from a survey done by Insecure in May and June 2000,
in which 1,200 NMAP users from the nmap-hackers mailing list were polled
to determine their favorite security tools.

Security auditing—Turn them on to Nessus, a security-auditing
tool available from www.nessus.org.
This tool runs on Unix, but there’s a Win2K client. Nessus doesn’t assume
that a given service runs on the normal port, such as 80 for a Web server.

Security monitoring—Get them Tripwire’s evaluation kit
for Windows, www.tripwire.com/downloads/index.cfm.
It will teach them how to use the product for data integrity assurance.
Tripwire doesn’t prevent access; it sends alerts when unauthorized changes
are made to files and directories. Tripwire can also monitor network devices
such as Cisco routers and Nokia firewalls.

All I Want for Christmas
I know it’s out of the price range for most of us, and really isn’t a
security tool, but I’m going to ask Scottie for this one. It’s the $1,499
wearable computer from Xybernaut, www.xybernaut.com.
The Poma wearable computer will allow me to look at my data, play my tunes
and look weird wherever I go. I tried on the beta model at the 2001 COMDEX
and had a blast. It’s got a one-inch, full-color viewing screen I can
wear strapped to my head and posited right below one eye. It’s got a small,
pocket-sized CPU unit to attach onto my belt and even a miniature pointing
device. I can do wireless connection (add my own card) to a LAN and, hence,
to the Internet to navigate my way through a Word document or anything
reachable with IE. Sound is available via your own headphones. Wearable
computers—can membership in the Borg be far behind? Just call me “6.5.”